Kyle
December 18, 2023, 11:10pm
1
I’ve decided on using suricata rather than making a flake for snort 3.
I am using Nixos unstable channel with home manager as a module.
I would like to use a simple config for suricata in IPS mode. Do I add something like this to my configuration.nix?
```nix
systemd.services.suricata = {
  description = "Suricata IDS/IPS";
  wantedBy = [ "multi-user.target" ];
  serviceConfig = {
    Type = "simple";   # systemd directive names are capitalised
    ExecStart = "?";
    Restart = "on-failure";
  };
};
```
Also, should its config file be made with environment.etc or with home.file?
```nix
environment.etc."suricata.yaml".source = pkgs.writeTextFile {
  name = "suricata.yaml";
  text = ''
    contents
  '';
};
```
Kyle
December 26, 2023, 9:31pm
2
Another question I had forgotten to ask.
Does the default NixOS firewall provide sufficient intrusion prevention, or is it prudent to set it up via a package? Not sure if there is a built-in service like clamav.
Yea, something like that.
If suricata is packaged already, you can reference the binary in ExecStart, and optionally provide arguments to the command invocation.
```nix
ExecStart = "${pkgs.suricata}/bin/suricata";
```
You could put the config file in the default location suricata looks in. Alternatively, reference the nix-built file (from writeText) in the ExecStart command if suricata has a flag for it.
If you’re not trying to upstream a module, you don’t need to add any polish or make deeper considerations on the interface.
The firewall is enabled by default: NixOS 24.05 manual | Nix & NixOS
Clamav has a module available: https://nixos.org/manual/nixos/unstable/options#opt-services.clamav.daemon.enable
Suricata should run as a system service, not a user service. So it doesn’t make sense to put the config file in a home directory using home manager.
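A fuller version of the reply's suggestion, added here as an illustration and not code from the thread or from any nixpkgs module; the suricata.yaml body, NFQUEUE number 0, the iptables rules and the systemd hardening settings are assumptions to adapt:

```nix
{ config, pkgs, ... }:
let
  # Constructed minimal suricata.yaml; replace it with the full file from the
  # Suricata git repository as the thread suggests. Rule path is an assumption.
  suricataConfig = pkgs.writeText "suricata.yaml" ''
    %YAML 1.1
    ---
    default-log-dir: /var/log/suricata
    default-rule-path: /var/lib/suricata/rules
    rule-files:
      - suricata.rules
    nfq:
      mode: accept
    outputs:
      - eve-log:
          enabled: yes
          filename: eve.json
  '';
in
{
  # Nix-built config in the location suricata looks in by default.
  environment.etc."suricata/suricata.yaml".source = suricataConfig;
  # Inline IPS: hand inbound and forwarded packets to NFQUEUE 0 before the
  # kernel accepts them. --queue-bypass keeps traffic flowing if suricata dies.
  networking.firewall.extraCommands = ''
    iptables -I INPUT -j NFQUEUE --queue-num 0 --queue-bypass
    iptables -I FORWARD -j NFQUEUE --queue-num 0 --queue-bypass
  '';
  networking.firewall.extraStopCommands = ''
    iptables -D INPUT -j NFQUEUE --queue-num 0 --queue-bypass 2>/dev/null || true
    iptables -D FORWARD -j NFQUEUE --queue-num 0 --queue-bypass 2>/dev/null || true
  '';
  systemd.services.suricata = {
    description = "Suricata IDS/IPS";
    after = [ "network.target" "firewall.service" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "simple";
      # -c selects the config file, -q 0 attaches to NFQUEUE 0 (inline mode).
      ExecStart = "${pkgs.suricata}/bin/suricata -c /etc/suricata/suricata.yaml -q 0";
      Restart = "on-failure";
      LogsDirectory = "suricata";     # /var/log/suricata
      StateDirectory = "suricata";    # /var/lib/suricata
      RuntimeDirectory = "suricata";  # /run/suricata (unix socket)
      # Least privilege: only what NFQUEUE and packet capture need.
      CapabilityBoundingSet = [ "CAP_NET_ADMIN" "CAP_NET_RAW" "CAP_SYS_NICE" ];
      ProtectSystem = "strict";
      NoNewPrivileges = true;
    };
  };
}
```

Without `--queue-bypass`, a crashed or stopped suricata would leave every queued packet dropped, so check the service status before relying on the rules.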
Kyle
December 28, 2023, 7:59pm
5
Thank you.
I was able to find the config file from the git repo.
From there I can add the contents to the correct location.
In case you’re interested: I am currently writing a nixos module for suricata. If you have the time, maybe you could check it out. I’m happy about any advice.
NixOS:master
← secshellnet:mod-suricata
opened 12:45PM - 22 May 24 UTC
## Description of changes
This PR adds a NixOS module to configure suricata.
…
I will rebase the commits before merge.
## Things done
- Built on platform(s)
  - [x] x86_64-linux
  - [ ] aarch64-linux
  - [ ] x86_64-darwin
  - [ ] aarch64-darwin
- For non-Linux: Is sandboxing enabled in `nix.conf`? (See [Nix manual](https://nixos.org/manual/nix/stable/command-ref/conf-file.html))
  - [ ] `sandbox = relaxed`
  - [ ] `sandbox = true`
- [ ] Tested, as applicable:
  - [NixOS test(s)](https://nixos.org/manual/nixos/unstable/index.html#sec-nixos-tests) (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests))
  - and/or [package tests](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md#package-tests)
  - or, for functions and "core" functionality, tests in [lib/tests](https://github.com/NixOS/nixpkgs/blob/master/lib/tests) or [pkgs/test](https://github.com/NixOS/nixpkgs/blob/master/pkgs/test)
  - made sure NixOS tests are [linked](https://nixos.org/manual/nixpkgs/unstable/#ssec-nixos-tests-linking) to the relevant packages
- [ ] Tested compilation of all packages that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see [nixpkgs-review usage](https://github.com/Mic92/nixpkgs-review#usage)
- [ ] Tested basic functionality of all binary files (usually in `./result/bin/`)
- [24.05 Release Notes](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2405.section.md) (or backporting [23.05](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2305.section.md) and [23.11](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2311.section.md) Release notes)
  - [ ] (Package updates) Added a release notes entry if the change is major or breaking
  - [ ] (Module updates) Added a release notes entry if the change is significant
  - [ ] (Module addition) Added a release notes entry if adding a new NixOS module
- [ ] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md).